Learn about CVE-2017-5228 affecting Rapid7 Metasploit versions prior to 4.13.0-2017020701. Discover the impact, affected systems, exploitation details, and mitigation steps.
Rapid7 Metasploit versions prior to 4.13.0-2017020701 are vulnerable to a directory traversal issue in the Meterpreter stdapi Dir.download() function.
Understanding CVE-2017-5228
This CVE involves a vulnerability in Rapid7 Metasploit that allows unauthorized writing of files to any directory on the Metasploit console.
What is CVE-2017-5228?
The vulnerability in the Meterpreter stdapi Dir.download() function in Rapid7 Metasploit versions prior to 4.13.0-2017020701 enables directory traversal, permitting the writing of files to any directory on the Metasploit console.
The Impact of CVE-2017-5228
Exploiting this vulnerability allows an attacker to write files to any directory on the Metasploit console, with the permissions of the running Metasploit instance.
Technical Details of CVE-2017-5228
Rapid7 Metasploit versions prior to 4.13.0-2017020701 are affected by this vulnerability.
Vulnerability Description
The Meterpreter stdapi Dir.download() function in these versions has a directory traversal vulnerability that allows files to be written to any directory on the Metasploit console without authorization.
Affected Systems and Versions
Exploitation Mechanism
By using a specially crafted build of Meterpreter, attackers can exploit this vulnerability to write files to any directory on the Metasploit console.
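The containment check that this class of bug calls for, as an added Ruby example that is not Metasploit's code or its fix. It assumes the download routine builds each local path from an entry name reported by the remote session; the helper names and the sample listing are constructed for illustration.

```ruby
require "tmpdir"

# Added illustration; hypothetical helpers, not Metasploit's API or its fix.
class UnsafeEntryName < StandardError; end

# Weak form: the entry name reported by the remote side is joined as-is.
def naive_local_path(dest_root, remote_name)
  File.join(dest_root, remote_name)
end

# Hardened form: the resolved path must stay under dest_root.
def safe_local_path(dest_root, remote_name)
  name = remote_name.to_s.tr("\\", "/") # a Windows peer may send backslashes
  raise UnsafeEntryName, "empty name or NUL byte" if name.empty? || name.include?("\0")
  raise UnsafeEntryName, "absolute path" if name.start_with?("/") || name.match?(/\A[A-Za-z]:/)

  root = File.realpath(dest_root)
  candidate = File.expand_path(File.join(root, name)) # collapses "." and ".."
  unless candidate.start_with?(root + File::SEPARATOR)
    raise UnsafeEntryName, "#{remote_name.inspect} resolves outside #{root}"
  end

  # A symlink already inside dest_root could still redirect the write, so
  # re-check the deepest directory that exists on disk.
  parent = File.dirname(candidate)
  parent = File.dirname(parent) until File.exist?(parent)
  real_parent = File.realpath(parent)
  unless real_parent == root || real_parent.start_with?(root + File::SEPARATOR)
    raise UnsafeEntryName, "#{remote_name.inspect} crosses a symlink out of #{root}"
  end
  candidate
end

# Constructed sample names standing in for a remote directory listing.
SAMPLE_LISTING = ["notes.txt", "sub/report.txt", "sub/../ok.txt",
                  "../../escaped.txt", "..\\..\\escaped.txt", "/tmp/abs.txt"].freeze

# Returns { name => local path, or :rejected }.
def check_listing(dest_root, names = SAMPLE_LISTING)
  names.to_h do |n|
    [n, safe_local_path(dest_root, n)]
  rescue UnsafeEntryName
    [n, :rejected]
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir("loot") { |d| check_listing(d).each { |n, r| puts "#{n.inspect} -> #{r}" } }
end
```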
Mitigation and Prevention
To address CVE-2017-5228, consider the following steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates